Function Description

The ip-restriction plugin can restrict access to services or routes by whitelisting or blacklisting IP addresses. It supports restrictions on a single IP address, multiple IP addresses, and CIDR ranges like 10.10.10.0/24.

Running Attributes

Plugin execution phase: Authentication Phase

Plugin execution priority: 210

Configuration Description

Configuration ItemTypeRequiredDefault ValueDescription
ip_source_typestringNoorigin-sourceOptional values: 1. Peer socket IP: origin-source; 2. Get from header: header
ip_header_namestringNox-forwarded-forWhen ip_source_type is header, specify the custom IP source header
allowarrayNo[]Whitelist
denyarrayNo[]Blacklist
statusintNo403HTTP status code when access is denied
messagestringNoYour IP address is blocked.Return message when access is denied
  1. ip_source_type: origin-source
  2. allow:
  3.   - 10.0.0.1
  4.   - 192.168.0.0/16
  1. ip_source_type: header
  2. ip_header_name: x-real-iP
  3. deny:
  4.   - 10.0.0.1
  5.   - 192.169.0.0/16